Closed Bug 921553 Opened 11 years ago Closed 11 years ago

Fix some rooting hazards that crept into bindings code

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla27

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

Attachments

(1 file)

Fix some binding rooting hazards that have popped up.
3.07 KB, patch
peterv
: review+
Details | Diff | Splinter Review 
Two things.

1)  UnionTypes.cpp ends up with code like this:

    nsresult rv = 
      UnwrapObject<prototypes::id::HTMLVideoElement,
                   mozilla::dom::HTMLVideoElement>(
        cx, &value.toObject(), SetAsHTMLVideoElement());

The second arg is a hazard if the third arg gcs.  We should just store that third arg in a stack temporary before we do this code, so we end up with something more like this:

    OwningNonNull<mozilla::dom::HTMLVideoElement>& memberSlot =
      SetAsHTMLVideoElement();
    {
      nsresult rv = 
        UnwrapObject<prototypes::id::HTMLVideoElement,
        mozilla::dom::HTMLVideoElement>(
          cx, &value.toObject(), memberSlot);

2) ConvertJSValueToByteString has an unrooted JSString on the stack that I think is in fact safe, but it's easy enough to shut up the analysis here by rooting it... and safer in the long run.
Whiteboard: [need review]
Attachment #811245 - Flags: review?(peterv) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/2c7230203ec2
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla27
https://hg.mozilla.org/mozilla-central/rev/2c7230203ec2
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: